Trojan.JS.Agent.ELA

Trojan.JS.Agent.ELA is a dangerous Trojan and malicious JavaScript file that searches for vulnerabilities and exploits them. Trojan.JS.Agent.ELA propagates via social engineering tricks on social networks or via JS injects found in bogus websites. At first, Trojan.JS.Agent.ELA decides which operating system, Windows, Mac or Linux, the targeted web browser is installed on. Then, Trojan.JS.Agent.ELA confirms the web browser type and version to find out if it is Internet Explorer, Safari, Chrome, Gecko (Mozilla Firefox) or Opera. After that, Trojan.JS.Agent.ELA decides what plug-ins are installed on the infected web browser. These plugins and their versions will be used for choosing the exploits that will be used to download other malware threats. Exploits are customized for certain plugin versions in order to be compatible to the affected PC system.

Trojan.JS.Agent.ELA displays the message in the infected web browser that reads: "Please wait page is loading..." to pass the PC user off the actual installation of the malware threat on the computer. Sometimes Trojan.JS.Agent.ELA can display a "404 not found" blank page or other messages that would redirect the Internet user toward legitimate clean websites. Next, Trojan.JS.Agent.ELA will load a web page selected depending on the search results of the search performed by the script on the computer user's PC. This will be either a malicious application if it found a vulnerable Java version, a malicious video, if a flash player version is vulnerable, or a malicious PDF file if the Adobe Reader version has been downloaded from the suspcious source. Trojan.JS.Agent.ELA cleans the memory it needed to install additional malware infections and also avoids detection by security software. These exploits will allow Trojan.JS.Agent.ELA to connect the corrupted web browser to fraudulent websites where it downloads further malware threats such as Zeus Trojan.